In this post, I dive deep into UEFI Authenticated Variables to show you how UEFI Secure Boot is implemented. I also provide the source code for a simple UEFI utility which outputs information about the X.509 certificates in the Secure Boot keys.

In this post I show you how to decode a DER encoded binary X509 certificate and use it to show you the contents of the Microsoft X509 certificate used as the UEFI Secure boot KEK for Windows 8 platforms.